API on Peter.H's Full-Stack GAME

API on Peter.H's Full-Stack GAMEhttps://peter-notes.com/tags/api/Recent content in API on Peter.H's Full-Stack GAMEPeter.H's Full-Stack GAMEhttps://peter-notes.com/images/og-image.jpghttps://peter-notes.com/images/og-image.jpgHugozh-twFri, 24 Apr 2026 00:00:00 +0000ORM 在騙你：當 populate / include 悄悄失效https://peter-notes.com/posts/orm-silent-populate-failure/Fri, 24 Apr 2026 00:00:00 +0000https://peter-notes.com/posts/orm-silent-populate-failure/一個 CMS 文件的「上傳者」欄位永遠空白引出的除錯故事：當 ORM 的 populate / include 在特定條件組合下靜默失敗，HTTP 200 OK、其他欄位都對，唯獨關聯變成 null。介紹這類跨 ORM 的通病怎麼診斷、怎麼繞過、怎麼從架構分層理解為什麼只有這一層會騙人。Strapi v5's Silent populate Failure with Relation Filtershttps://peter-notes.com/posts/strapi-v5-populate-silent-failure-with-relation-filters/Fri, 24 Apr 2026 00:00:00 +0000https://peter-notes.com/posts/strapi-v5-populate-silent-failure-with-relation-filters/A reproducible Strapi v5 bug: combining filters[relation][id][$eq] with populate[relation]=true silently returns null for the populated field — no error, no warning, just missing data. This post walks through the symptom, a curl reproduction, why it happens at the ORM layer, and a knex-based custom find controller that fixes it.Strapi 忘記密碼的安靜回應：Anti-Enumeration、Phishing-as-a-Service 與撞庫經濟學https://peter-notes.com/posts/strapi-forgot-password-anti-enumeration/Tue, 21 Apr 2026 00:00:00 +0000https://peter-notes.com/posts/strapi-forgot-password-anti-enumeration/從一次 kubectl 排查出發，解析為何 Strapi 忘記密碼 API 對不存在的 email 仍回 200，並深入釣魚工具（Gophish、Evilginx2）與撞庫工具（OpenBullet）的運作與經濟模型，說明 App 文案為何必須配合後端的 anti-enumeration 設計。頭貼切不回去？一個 Bug 揪出 Admin Panel 權限漂移的跨後端通病https://peter-notes.com/posts/admin-panel-permission-drift-cms-backends/Fri, 17 Apr 2026 00:00:00 +0000https://peter-notes.com/posts/admin-panel-permission-drift-cms-backends/從一個 Flutter 切不回手機頭貼的 bug 出發，揭開 Strapi Admin Panel 權限漂移這個跨後端的共通陷阱。深入分析雙層根因、衍生的 null validation bug，以及為什麼 Firebase、Supabase、Hasura、AWS IAM 都逃不過這個問題。從 53 種食物到 13,152 種：五國食物資料庫 ETL 管線設計實錄https://peter-notes.com/posts/usda-fooddata-etl-pipeline-design/Tue, 17 Mar 2026 00:00:00 +0000https://peter-notes.com/posts/usda-fooddata-etl-pipeline-design/從實戰出發，記錄如何設計一條 Python ETL 管線，整合台灣、日本、中國、USDA 四個政府食物營養資料庫，並處理 API 格式不一致、缺少分類欄位等真實踩坑經驗。解決 API 回應中的 BOM (Byte-Order Mark) 字元問題https://peter-notes.com/posts/api-related-notes/Wed, 15 May 2024 00:00:00 +0000https://peter-notes.com/posts/api-related-notes/深入探討 API 回應中不可見的 BOM 字元如何導致 JSON 解析失敗，以及如何診斷和解決這個隱藏的問題。完整的 Swift 解決方案與預防措施。